PayPal Express - 10002 security header is not valid error

magento.stackexchange https://magento.stackexchange.com/questions/14177

Question

I am getting an error while testing PayPal Express, the error is: 10002 security header is not valid.

The site runs on an AWS EC2 with nginx and Varnish in front. I use Turpentine for the config and hole-punching. Would this architecture have something to do with it?

I'm not testing on Sandbox mode however the live API credentials are all correct, I've reset it multiple times. I've looked through the logs but I can't find anything significant.

2014-01-31T05:47:11+00:00 ERR (3): 
exception 'Mage_Core_Exception' with message 'PayPal NVP gateway errors: Security header is not valid (#10002: Security error). Correlation ID: 60e76cc8d89c5. Version: 72.0.' in /var/www/app/Mage.php:580

Perhaps the following might be relevant? The token is empty:

==> payment_paypal_express.log <==
2014-01-31T05:22:42+00:00 DEBUG (7): Array
(
    [url] => https://api-3t.paypal.com/nvp
    [GetExpressCheckoutDetails] => Array
        (
            [TOKEN] => 
            [METHOD] => GetExpressCheckoutDetails
            [VERSION] => 72.0
            [USER] => ****
            [PWD] => ****
            [SIGNATURE] => ****
            [BUTTONSOURCE] => Varien_Cart_EC_AU
        )

    [response] => Array
        (
            [TIMESTAMP] => 2014-01-31T05:22:42Z
            [CORRELATIONID] => 5bcdb0da70494
            [ACK] => Failure
            [VERSION] => 72.0
            [BUILD] => 9285531
            [L_ERRORCODE0] => 10002
            [L_SHORTMESSAGE0] => Security error
            [L_LONGMESSAGE0] => Security header is not valid
            [L_SEVERITYCODE0] => Error
        )

    [__pid] => 1219
)
Was it helpful?

Solution

This is what worked for me, stange but it did the trick Magento 1.8.1 Paypal Website

First, I went into Paypal.com account and enabled all API Access

  1. Goto Profile > Request API credentials > Set up PayPal API credentials and permissions > Add or edit API permissions

  2. Add New Third Party, or Edit Existing Third Party the username used for Magento

  3. I granted all permissions, probably not necessary, but I figured it couldn't hurt

Then in Magento Admin:

  1. Go to System > Configuration > PayPal > API/Integration Settings

  2. Remove all values from API Username, API Password and API Signature from.

  3. Go to System > Cache Management and clear all caches.

  4. Put the API Credentials back in

OTHER TIPS

 PayPal gateway has rejected request. Invalid token (#10410: Invalid token)

Enable Express Checkout (PayPal Navigation has changed to)

  Profile & Settings >> My selling tools >> API access >> Update
  Enable Express Checkout 
  Accept >> Submit.

Check Magento Paypal setting

 System >> Configuration >> Sales >> Payment Methods

Choose your PayPal option

Configue >> Set API Credential

Enable paypal

 Enable this solution: Yes

Disable SSL if you do not have SSL

 Enable SSL verification : No

With Development Mode

 Sandbox Mode : Yes

Clear Magento Cache, Should work.

New development: PayPal has discontinued support for SSL as of Jan 2015, or more accurately, requires the implementation of TLS. From what my hosting provider says, this is a support request for Apache configuration and you might be able to do this yourself if you have root access and are knowledgable. Add TLS to the server configuration and this might solve your problem, I'll come back and confirm whether this fixed it for me.

I got the same problem and found my problem is

  • I type the API signature character by charter, the character "I" is similar to "l"
  • As there are multiple "I" in the signature, I have to tested one by one via the link of paypal checking API credential.
  • Then damn it, it works.

Therefore, copy is a better way while being careful about the spaces at the front or end.

Licensed under: CC-BY-SA with attribution
Not affiliated with magento.stackexchange
scroll top